Major management apparatus, authorized management apparatus, electronic apparatus for delegated key management, and key management methods thereof

摘要

A major management apparatus, an authorized management apparatus, an electronic apparatus for delegated key management and key management methods thereof are provided. The major management apparatus generates a first delegation deployment message and a second delegation deployment message, which are transmitted to the authorized management apparatus and the electronic apparatus, respectively. The authorized management apparatus encrypts an original key management message into a key management message by an authorization key included in the first delegation deployment message. The original key management message includes an operation code and a key identity. The electronic apparatus decrypts the key management message into the original key management message by the authorization key included in the second delegation deployment message. The electronic apparatus selects an application key according to the key identity and operates the application key based on the operation code.

主权项

1. A major management apparatus for delegated key management, a network system comprising the major management apparatus, an authorized management apparatus, and an electronic apparatus, the major management apparatus comprising:
a storage unit, being configured to store a first device key and a second device key; a transceiving interface, being configured to transmit the first device key to the authorized management apparatus and transmit the second device key to the electronic apparatus; and a processing unit, being electrically connected to the storage unit and the transceiving interface and configured to encrypt a first original delegation deployment message into a first delegation deployment message by the first device key and encrypt a second original delegation deployment message into a second delegation deployment message by the second device key; wherein the first original delegation deployment message comprises an authorization key, the second original delegation deployment message comprises the authorization key, and the transceiving interface further transmits the first delegation deployment message and the second delegation deployment message to the authorized management apparatus and the electronic apparatus respectively so that a right of managing an application key of the electronic apparatus is delegated from the major management apparatus to the authorized management apparatus in a way that the authorized management apparatus encrypts an original key management message into a key management message by the authorization key and the electronic apparatus decrypts the key management message received from the authorized management apparatus into the original key management message by the authorization key and operates the application key according to the original key management message.